[Jan-2022] Cisco 350-701 Exam: Basic Questions With Answers
New 2022 Realistic Free Cisco 350-701 Exam Dump Questions & Answer
Best Revision Book: Introducing Cisco 350-701 Official Certification Guide
The CCNP and CCIE Security Core SCOR 350-701 Official Cert Guide (1st Edition) is one of the most comprehensive study materials you can use to pass 350-701 exam. Why? Because it features a lot of exciting resources that will cover everything about the final test. Written by Omar Santos, this book presents the best combination of tools to help you master all the exam concepts easily. It has quizzes at the beginning of every chapter to help you know what you will cover in every section. Besides, it also has chapter review tasks that will help you achieve much more than just drilling on the vital exam concepts. All in all, the official cert guide for the Cisco 350-701 exam is not only valuable because of the exciting study plans it provides but also for the video instruction from the author, a lot of questions and exercises, and unmatched detail on every test objective to ensure you get everything right at the first attempt.
The Cisco 350-701 SCOR exam tests the candidates' knowledge of operating and implementing core security technologies such as network or cloud security, content security, or endpoint protection and detection.
NEW QUESTION 94
A company is experiencing exfiltration of credit card numbers that are not being stored on-premise. The company needs to be able to protect sensitive data throughout the full environment. Which tool should be used to accomplish this goal?
- A. Cloudlock
- B. Web Security Appliance
- C. Security Manager
- D. Cisco ISE
Answer: A
Explanation:
Explanation
Cisco Cloudlock is a cloud-native cloud access security broker (CASB) that helps you move to the cloud safely. It protects your cloud users, data, and apps. Cisco Cloudlock provides visibility and compliance checks, protects data against misuse and exfiltration, and provides threat protections against malware like ransomware.
NEW QUESTION 95
What is the benefit of integrating cisco ISE with a MDM solution?
- A. It provides the ability to add applications to the mobile device through Cisco ISE
- B. It provides compliance checks for access to the network
- C. It provides network device administration access
- D. It provides the ability to update other applications on the mobile device
Answer: B
NEW QUESTION 96
Refer to the exhibit.
What is a result of the configuration?
- A. Traffic from the inside network is redirected
- B. Traffic from the inside and DMZ networks is redirected
- C. All TCP traffic is redirected
- D. Traffic from the DMZ network is redirected
Answer: B
NEW QUESTION 97
Which function is the primary function of Cisco AMP threat Grid?
- A. automated email encryption
- B. monitoring network traffic
- C. applying a real-time URI blacklist
- D. automated malware analysis
Answer: D
NEW QUESTION 98
What is the purpose of the My Devices Portal in a Cisco ISE environment?
- A. to request a newly provisioned mobile device
- B. to register new laptops and mobile devices
- C. to provision userless and agentless systems
- D. to manage and deploy antivirus definitions and patches on systems owned by the end user
Answer: A
Explanation:
Explanation
NEW QUESTION 99
What are two benefits of Flexible NetFlow records? (Choose two)
- A. They converge multiple accounting technologies into one accounting mechanism
- B. They provide attack prevention by dropping the traffic
- C. They provide monitoring of a wider range of IP packet information from Layer 2 to 4
- D. They allow the user to configure flow information to perform customized traffic identification
- E. They provide accounting and billing enhancements
Answer: D,E
Explanation:
NetFlow is typically used for several key customer applications, including the following:
...
Billing and accounting. NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization.
NetFlow is typically used for several key customer applications, including the following:
...
Billing and accounting. NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization.
NetFlow is typically used for several key customer applications, including the following:
...
Billing and accounting. NetFlow data provides fine-grained metering (for instance, flow data includes details such as IP addresses, packet and byte counts, time stamps, type of service (ToS), and application ports) for highly flexible and detailed resource utilization accounting. Service providers may use the information for billing based on time of day, bandwidth usage, application usage, quality of service, and so on. Enterprise customers may use the information for departmental charge back or cost allocation for resource utilization.
Reference:
If the predefined Flexible NetFlow records are not suitable for your traffic requirements, you can create a userdefined (custom) record using the Flexible NetFlow collect and match commands. Before you can create a customized record, you must decide the criteria that you are going to use for the key and nonkey fields.
cust_fnflow_rec_mon_external_docbase_0900e4b18055d0d2_4container_external_docbase_0900e4b181b413 d9.html#wp1057997 Note: Traditional NetFlow allows us to monitor from Layer 2 to 4 but Flexible NetFlow goes beyond these layers.
If the predefined Flexible NetFlow records are not suitable for your traffic requirements, you can create a userdefined (custom) record using the Flexible NetFlow collect and match commands. Before you can create a customized record, you must decide the criteria that you are going to use for the key and nonkey fields.
cust_fnflow_rec_mon_external_docbase_0900e4b18055d0d2_4container_external_docbase_0900e4b181b413 d9.html#wp1057997 Note: Traditional NetFlow allows us to monitor from Layer 2 to 4 but Flexible NetFlow goes beyond these If the predefined Flexible NetFlow records are not suitable for your traffic requirements, you can create a userdefined (custom) record using the Flexible NetFlow collect and match commands. Before you can create a customized record, you must decide the criteria that you are going to use for the key and nonkey fields.
cust_fnflow_rec_mon_external_docbase_0900e4b18055d0d2_4container_external_docbase_0900e4b181b413 d9.html#wp1057997 Note: Traditional NetFlow allows us to monitor from Layer 2 to 4 but Flexible NetFlow goes beyond these layers.
NEW QUESTION 100
When choosing an algorithm to us, what should be considered about Diffie Hellman and RSA for key establishment?
- A. DH is a symmetric key establishment algorithm intended to output asymmetric keys
- B. RSA is a symmetric key establishment algorithm intended to output asymmetric keys
- C. DH is on asymmetric key establishment algorithm intended to output symmetric keys
- D. RSA is an asymmetric key establishment algorithm intended to output symmetric keys
Answer: C
Explanation:
Diffie Hellman (DH) uses a private-public key pair to establish a shared secret, typically a symmetric key. DH is not a symmetric algorithm - it is an asymmetric algorithm used to establish a shared secret for a symmetric key algorithm.
NEW QUESTION 101
Which attack is preventable by Cisco ESA but not by the Cisco WSA?
- A. SQL injection
- B. phishing
Explanation
The following are the benefits of deploying Cisco Advanced Phishing Protection on the Cisco Email Security Gateway:
Prevents the following:
+ Attacks that use compromised accounts and social engineering.
+ Phishing, ransomware, zero-day attacks and spoofing.
+ BEC with no malicious payload or URL. - C. buffer overflow
- D. DoS
Answer: B
Explanation:
Reference:
/b_ESA_Admin_Guide_13-5/m_advanced_phishing_protection.html
NEW QUESTION 102
How does Cisco Workload Optimization Manager help mitigate application performance issues?
- A. It optimizes a flow path
- B. It sets up a workload forensic score
- C. It automates resource resizing
- D. It deploys an AWS Lambda system
Answer: A
Explanation:
Cisco Workload Optimization Manager provides specific real-time actions that ensure workloads get the resources they need when they need them, enabling continuous placement, resizing, and capacity decisions that can be automated, driving continuous health in the environment. You can automate the software's decisions according to your level of comfort: recommend (view only), manual (select and apply), or automated (executed in real time by software). Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/one-enterprisesuite/solution-overview-c22-739078.pdf resources they need when they need them, enabling continuous placement, resizing, and capacity decisions that can be automated, driving continuous health in the environment. You can automate the software's decisions according to your level of comfort: recommend (view only), manual (select and apply), or automated (executed in real time by software).
Cisco Workload Optimization Manager provides specific real-time actions that ensure workloads get the resources they need when they need them, enabling continuous placement, resizing, and capacity decisions that can be automated, driving continuous health in the environment. You can automate the software's decisions according to your level of comfort: recommend (view only), manual (select and apply), or automated (executed in real time by software). Reference: https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/one-enterprisesuite/solution-overview-c22-739078.pdf
NEW QUESTION 103
Refer to the exhibit.
An organization is using DHCP Snooping within their network. A user on VLAN 41 on a new switch is complaining that an IP address is not being obtained. Which command should be configured on the switch interface in order to provide the user with network connectivity?
- A. ip dhcp snooping trust
- B. ip dhcp snooping verify mac-address
- C. ip dhcp snooping limit 41
- D. ip dhcp snooping vlan 41
Answer: A
Explanation:
To understand DHCP snooping we need to learn about DHCP spoofing attack first.
DHCP spoofing is a type of attack in that the attacker listens for DHCP Requests from clients and answers them with fake DHCP Response before the authorized DHCP Response comes to the clients. The fake DHCP Response often gives its IP address as the client default gateway -> all the traffic sent from the client will go through the attacker computer, the attacker becomes a "man-in-the-middle".
The attacker can have some ways to make sure its fake DHCP Response arrives first. In fact, if the attacker is "closer" than the DHCP Server then he doesn't need to do anything. Or he can DoS the DHCP Server so that it can't send the DHCP Response.
DHCP snooping can prevent DHCP spoofing attacks. DHCP snooping is a Cisco Catalyst feature that determines which switch ports can respond to DHCP requests. Ports are identified as trusted and untrusted.
Only ports that connect to an authorized DHCP server are trusted, and allowed to send all types of DHCP messages. All other ports on the switch are untrusted and can send only DHCP requests. If a DHCP response is seen on an untrusted port, the port is shut down.
The port connected to a DHCP server should be configured as trusted port with the "ip dhcp snooping trust" command. Other ports connecting to hosts are untrusted ports by default.
In this question, we need to configure the uplink to "trust" (under interface Gi1/0/1) as shown below.
NEW QUESTION 104
An engineer needs behavioral analysis to detect malicious activity on the hosts, and is configuring the organization's public cloud to send telemetry using the cloud provider's mechanisms to a security device. Which mechanism should the engineer configure to accomplish this goal?
- A. Flow
- B. VPC flow logs
- C. mirror port
- D. NetFlow
Answer: D
NEW QUESTION 105
After a recent breach, an organization determined that phishing was used to gain initial access to the network before regaining persistence. The information gained from the phishing attack was a result of users visiting known malicious websites. What must be done in order to prevent this from happening in the future?
- A. Modify outbound malware scanning policies
- B. Modify an access policy.
- C. Modify identification profiles.
- D. Modify web proxy settings
Answer: D
Explanation:
NEW QUESTION 106
Drag and drop the descriptions from the left onto the encryption algorithms on the right.
Answer:
Explanation:
NEW QUESTION 107
What are the two most commonly used authentication factors in multifactor authentication? (Choose two.)
- A. biometric factor
- B. time factor
- C. confidentiality factor
- D. encryption factor
- E. knowledge factor
Answer: B,E
NEW QUESTION 108
Which feature requires a network discovery policy on the Cisco Firepower Next Generation Intrusion Prevention System?
- A. URL filtering
- B. impact flags
- C. security intelligence
- D. health monitoring
Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/introduction_to_network_discovery_and_identity.html?bookSearch=true
NEW QUESTION 109
Which feature of Cisco ASA allows VPN users to be postured against Cisco ISE without requiring an inline posture node?
- A. DHCP snooping
- B. RADIUS Change of Authorization
- C. device tracking
- D. VLAN hopping
Answer: B
NEW QUESTION 110
An engineer has been tasked with implementing a solution that can be leveraged for securing the cloud users, data, and applications. There is a requirement to use the Cisco cloud-native CASB and cloud cybersecurity platform. What should be used to meet these requirements?
- A. Cisco NGFW
- B. Cisco Cloudlock
- C. Cisco Cloud Email Security
- D. Cisco Umbrella
Answer: B
Explanation:
Explanation
Cisco Cloudlock: Secure your cloud users, data, and applications with the cloud-native Cloud Access Security Broker (CASB) and cloud cybersecurity platform.
NEW QUESTION 111
Refer to the exhibit.
Traffic is not passing through IPsec site-to-site VPN on the Firepower Threat Defense appliance. What is causing this issue?
- A. Site-to-site VPN preshared keys are mismatched.
- B. The access control policy is not allowing VPN traffic in.
- C. No split-tunnel policy is defined on the Firepower Threat Defense appliance.
- D. Site-to-site VPN peers are using different encryption algorithms.
Answer: B
Explanation:
Explanation Explanation If sysopt permit-vpn is not enabled then an access control policy must be created to allow the VPN traffic through the FTD device. If sysopt permit-vpn is enabled skip creating an access control policy. Reference: https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/215470- site-to-site-vpn-configuration-on-ftd-ma.html
NEW QUESTION 112
......
CCIE Security
The CCIE Security certificate recognizes the expert-level mastery of Cisco security solutions and technologies. Particularly, this certification is meant for seasoned security professionals tasked with architecting, engineering, implementing, troubleshooting, and supporting vital security concepts to prevent security threats, risks, and vulnerabilities. It is the immediate step after passing the CCNP Security exam, which will require sitting for two tests, 350-701 & the lab validation known as the CCIE Security v6.0.
Guaranteed Success in CCNP Security 350-701 Exam Dumps: https://www.dumpstorrent.com/350-701-exam-dumps-torrent.html
350-701 Practice Test Engine: Try These 358 Exam Questions: https://drive.google.com/open?id=1MZRzBTioaUyyr25xC3mk3DoPv8ru2ahh